Codesys Runtime_toolkit

23 CVEs affecting Codesys Runtime_toolkit. Latest disclosed: 2025-12-01. Critical: 1, High: 15.

Top CVEs affecting Codesys Runtime_toolkit
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-31806 | Critical | 9.8 | 2022-06-24 | In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or promp… |
| CVE-2023-6357 | High | 8.8 | 2023-12-05 | A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker… |
| CVE-2022-4224 | High | 8.8 | 2023-03-23 | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS re… |
| CVE-2022-32143 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All re… |
| CVE-2022-32138 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or… |
| CVE-2022-32137 | High | 8.8 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-serv… |
| CVE-2019-9013 | High | 8.8 | 2019-08-15 | An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insuffic… |
| CVE-2022-32142 | High | 8.1 | 2022-06-24 | Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which ca… |
| CVE-2022-1965 | High | 8.1 | 2022-06-24 | Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the e… |
| CVE-2021-34595 | High | 8.1 | 2021-10-26 | A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions… |
| CVE-2025-41738 | High | 7.5 | 2025-12-01 | An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type… |
| CVE-2022-31805 | High | 7.5 | 2022-06-24 | In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. |
| CVE-2021-34593 | High | 7.5 | 2021-10-26 | In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-ser… |
| CVE-2021-33486 | High | 7.5 | 2021-08-03 | All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions. |
| CVE-2021-30195 | High | 7.5 | 2021-05-25 | CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. |
| CVE-2021-30186 | High | 7.5 | 2021-05-25 | CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. |
| CVE-2022-32141 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS Products are prone to a buffer over-read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an inte… |
| CVE-2022-32140 | Medium | 6.5 | 2022-06-24 | Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checkin… |
| CVE-2022-32139 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which causes an out-of-bounds read, resulting in a denial-of-service conditi… |
| CVE-2022-32136 | Medium | 6.5 | 2022-06-24 | In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-… |